Executing windows command line investigations : while ensuring evidentiary integrity

Executing windows command line investigations while ensuring evidentiary integrity

The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage...

Full description

Bibliographic Details
Other Authors: Hosmer, Chet, author (author), Bartolomie, Joshua, author (book designer), Pelli, Rosanne, author, Rogers, Mark, book designer
Format: eBook
Language:Inglés
Published: Amsterdam, [Netherlands] : Syngress 2016.
Edition:First edition
Subjects:
Microsoft Windows (Computer file) > Handbooks, manuals, etc.
Command languages (Computer science)
Command languages (Computer science) > Handbooks, manuals, etc.
Operating systems (Computers) > Handbooks, manuals, etc.
See on Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630169506719
Table of Contents:
  • Front Cover
  • Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
  • Copyright
  • Dedication
  • Contents
  • Biography
  • Foreword
  • Preface
  • Acknowledgments
  • Harris Corporation
  • Chapter 1: The impact of Windows Command Line investigations
  • Introduction
  • Cybercrime Methods and Vulnerabilities
  • Novel Vulnerabilities
  • Cyber Criminals Use the Windows Command Line
  • Turning the Tables
  • Organization of the Book
  • Chapter 1 Review
  • Chapter 1 Summary Questions
  • Additional Resources
  • Chapter 2: Importance of digital evidence integrity
  • Introduction
  • The Importance of Digital Evidence Integrity
  • Digital Integrity Mechanisms
  • One-way cryptographic hashing
  • Hashing static evidence
  • Hashing volatile or live evidence
  • Searching for specific evidence
  • Hash types and origins
  • Digital signatures
  • Signature types and origins
  • Trusted time stamping
  • Summary
  • Chapter 2 Review
  • Chapter 2 Summary Questions
  • Additional Resources
  • Chapter 3: Windows Command Line Interface
  • Introduction
  • What is the Windows Command Line Interface?
  • Breaking Down Windows Commands by Investigation Processes
  • Windows CLI-starting a live investigation
  • Windows CLI-collecting vital system information
  • Capture important system information
  • Basic disk information
  • Basic network information
  • Windows CLI-collecting volatile evidence
  • Windows CLI-running processes and services
  • Windows CLI-active network activities
  • Windows CLI-event logs evidence capture
  • Windows CLI-collecting static evidence and quick searching
  • Alternate data streams
  • Windows CLI-ending a live investigation
  • Chapter 3 Review
  • Chapter 3 Summary Questions
  • Additional Resources
  • Chapter 4: Operating the Proactive Incident Response Command Shell
  • Introduction
  • PIRCS Operational Considerations.
  • Preparing PIRCS for Portable Media
  • Step one: wipe the device
  • Step two: format the device
  • Step three: install PIRCS
  • PIRCS Basics
  • PIRCS Advanced Capabilities
  • Chapter 4 Review
  • Chapter 4 Summary Questions
  • Additional Resources
  • Software Download Instructions
  • Chapter 5: Use cases
  • Introduction
  • General Evidence Collection Guidelines
  • Locard's Principle
  • Order of Volatility
  • Tool Selection and Usage
  • Fundamental Digital Evidence Categories
  • Full Memory Capture
  • Capturing full RAM contents with Mandiant Memoryze
  • Initial Host Detail
  • Host name
  • Windows OS version
  • System time
  • Current network configuration
  • Currently logged on user
  • Initial host detail collection recommendation
  • Network Connections
  • Active connections
  • Network connection collection recommendation
  • Active Process, Services, and Scheduled Tasks Details
  • Windows Prefetch Files
  • Web Browser History
  • Windows Registry Data Collection
  • Windows Event Logs
  • File Listings
  • Use Case Examples
  • Spear Phishing Attack Scenario
  • Human resources violation scenario
  • Insider Data Exfiltration Scenario
  • Summary
  • Chapter 5 Review
  • Chapter 5 Summary Questions
  • Additional Resources
  • Chapter 6: Future considerations
  • Introduction
  • Windows 10.x
  • Windows Embedded
  • Advanced Automotive Technology
  • Raspberry Pi
  • Wearable Technology
  • New Command Line Applications
  • In Closing
  • Additional Resources
  • Appendix A: Third-party Windows CLI tools
  • Introduction
  • Appendix B: Windows CLI reference synopsis
  • Introduction
  • Microsoft TechNet
  • Popular Commands for an Examination
  • Additional Resources
  • Index
  • Back Cover.

Similar Items